CLAIMS : 

1 LA method of providing and authenticating secure data over a network, 

2 comprising: 

3 establishing a first secure connection from a user device to a first server; 

4 encrypting an enrollment request with a first authentication key, and thereafter 

5 sending the encrypted enrollment request to a host application; 

6 encrypting an enrollment applet, a public key and signed data with the first 

7 authentication key and thereafter returning the encrypted enrollment applet, public key and 

8 signed data from the host application to the first server; 

9 decrypting the enrollment applet and sending the enrollment applet from the first 

1 0 server to the user device using the first secure connection; 

1 1 establishing a second secure connection from the user device to a second server; 

1 2 encrypting the secure data with the public key using the enrollment applet; 

^ 1 3 linking the signed data and the encrypted secure data and thereafter sending the linked 

<H 4 data to the second server; 

2 1 5 encrypting the linked data with a second authentication key and sending the encrypted 

1 6 linked data to the host application; 
\| 1 7 verifying the signed data and thereafter creating authentication data; 

' - 1 8 encrypting the authentication data and the secure data and sending the encrypted 

D 1 9 authentication data and secure data to the second server; 
II 1 20 storing the encrypted authentication data and the secure data. 

R 1 2. The method of claim 1 , wherein the signed data comprises a serial number and 

^ 2 an account number. 

1 3. The method of claim 1, fiirther comprising exchanging the first authentication key 

2 between the first server and the host application and exchanging the second authentication key 

3 between the second server and the host application. 

1 4. The method of claim 1, wherein storing the encrypted authentication data and the 

2 secure data includes storing at least a portion of the authentication data and the secure data in the 

3 enrollment applet. 

1 5. The method of claim 1 , wherein storing the encrypted authentication data and the 

2 secure data includes storing at least a portion of the authentication data and the secure data in a 

3 mobile storage medium. 
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1 6. The method of claim 5, wherein the mobile storage medium is a smart card device 

2 which may be used to access an account from at least one remote location. 

1 7. A method of providing and authenticating secret data over a network, the 

2 network comprising a user device, a first server, a second server and a host application, 

3 comprising: establishing a first secure connection between the user device and the first server 

4 in response to an enrollment request fi'om a user; 

5 sending encrypted enrollment information from the host application to the first server; 

6 decrypting the enrollment information at the first server; 

7 sending an enrollment applet and a unique identifier from the first server to the user 

8 device, the unique identifier identifies the user device; 

9 establishing a second secure connection between the user device and the second server; 

1 0 encrypting an access code using the customer applet; 

1 1 linking the encrypted access code with the unique identifier and thereafter sending the 

1 2 linked encrypted access code and the unique identifier to the second server; 

^ 1 3 encrypting the linked data at the second server and thereafter sending the encrypted 

^ 1 4 linked data to the host application; 

f^f 1 5 venfymg the unique identifier at the host application and thereafter creating 

flj 1 6 authentication data; 

%^ 1 7 encrypting the authentication data with the access code; 

#18 sending the encrypted authentication data and access code from the host application to 

Ml 

m 1 9 the second server; 

W20 sending the encrypted authentication data and access code fix)m the second server to 

21 the customer applet using the second secure connection; and 

22 storing the encrypted authentication data and access code in the customer applet. 

1 8. The method of claim 7, wherein the access code is a personal identification 

2 number (PIN), 

1 9. The method of claim 7, wherein the access code is a password. 

1 10. The method of claim 7, wherein storing the encrypted authentication data and 

2 access code includes storing at least a portion of the encrypted authentication data and the 

3 access code in the customer applet. 

1 11. The method of claim 1 0, further comprising: 
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2 encrypting and sending an enrollment applet, a public key, a serial number and an 

3 account number from the host to the first server; and 

4 decrypting the enrollment applet, a public key, a serial number and an account number 

5 at the first server. 

1 12, The method of claim 7, v^herein storing the encrypted authentication data and 

2 access code includes storing at least a portion of the encrypted authentication data and the 

3 access code on a mobile storage medium. 

1 13. The method of claim 12, wherein the mobile storage medium is a smart card 

2 device which may be used to access an account from at least one remote location. 

1 14. A method of providing and authenticating an access code, comprising: 

2 estabhshing a first secure connection from a user to a first server; 

3 sending an enrolhnent request from the user to the first server using the first secure 
O 4 connection; 

Jj 5 encrypting the enrollment request at the first server and thereafter sending the 

f: 6 encrypted enrollment request to a host application; 

p 7 sending encrypted enrollment information from the host appUcation to the first server, 

8 the enrollment information comprising a customer applet, a public key, a serial number and 

- 9 an account number, wherein the information is used for enrolling and selecting the access 

m 1 0 code by the user; 

W 1 1 decrypting the customer applet at the first server and thereafter sending the customer 

13 12 applet over the first secure connection to the user; 

13 establishing a second secure connection from the user to a second server using the 

14 customer applet; 

1 5 selecting the access code by; 

1 6 encrypting the access code with the public key using the customer applet; 

1 7 linking the encrypted access code with the account number and the serial number 

1 8 from the first server and thereafter sending the linked data to the second server; 

19 encrypting the linked data at the second server and thereafter sending the encrypted 

20 linked data to the host application; 

21 verifying the account number and the serial number at the host application and 

22 thereafter creating authentication data; 

23 encrypting the authentication data and the access code; 
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24 sending the encrypted authentication data and access code from the host application to 

25 the second server; 

26 sending the encrypted authentication data and access code from the second server to 

27 the customer applet using the second secure connection; and 

28 storing the encrypted authentication data and access code. 

1 15. The method of claim 1 4, wherein storing the encrypted authentication data and 

2 access code includes storing at least a portion of the authentication data and the access code in 

3 the customer applet. 

1 16. The method of claim 14, wherein storing the encrypted authentication data and 

2 access code includes storing at least a portion of the authentication data and the access code on a 

3 mobile storage medium. 

1 17. The method of claim 1 6, wherein the mobile storage medium is a smart card 

Q 2 device which may be used to access an account &om at least one remote location. 

1 18. A system for providing and authenticating an access code over a network, 

HI 2 comprising: 

M 3 a user device; 

m 4 a first server, coupled to the user device, for encrypting and decrypting 

5 enrollment information, the information comprising an enrollment request and an enrollment 

w 

P 6 applet; 

is 7 a second server, coupled to the user device, for encrypting and decrypting 

O 8 authorization information, the authorization information comprising an access code and 

9 authentication data; 

10 a host application, coupled to the first server and the second server, for verifying and 

1 1 transmitting authorization information and enrollment information; 

12 a first secure connection for coupling the first server and the user device; 

13 a second secure comection for coupling the second server and the user device; and 

14 a customer applet, transmitted from the host appUcation to the user device over the 

1 5 first secure connection, for allowing a user to enter enrollment information comprising an 

16 access code. 

1 19. The system of claim 18, wherein the first and second seciire connections are 

2 SSL connections. 
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20. The system of claim 18, wherein the customer applet establishes the second 
secure connection in response to a user entering enrollment information. 

21. The system of claim 18, further comprising a plurality of hardware service 
modules, one each coupled to the first server, the second server and the host application, for 
performing cryptography. 

22. The system of claim 18, wherein the user device comprises a personal digital 
assistant. 

23. The system of claim 1 8, wherein the user device comprises a 
personal computer. 

24. The system of claim 1 8, wherein at least a portion of the customer applet is stored 
on a smart card device, wherein the smart card device may be used to access an account from at 
least one remote location, 

25. The system of claim 18, wherein the access code is a personal identification 
number (PIN). 

26. The system of claim 18, wherein the access code is a password. 
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